The Methods On How To Generate CSR File

04.09.2015

If you don’t know how to generate CSR file, we will help you how to do it correctly. Because it is very important to do it right, as this can influence on the whole Apple GSX certification process. It is also important to know how to use GSX certificate and fix issues that you can face with. But before that you need to generate a CSR file. There are many methods to do it.

Important: Key pair must be unique for each CSR file submitted to Apple company.

How Do I Generate A CSR File? (All Possible Ways)

1. Utilizing OpenSSL:

The openssl application command line can be utilized to create CSR (certificate signed request)and for the public/private key pair generation.

1.1 Key Pair Generation

Command:

openssl genrsa -aes256 -out privatekey.pem 2048

During this command proceeding, as the security option, you will be asked to insert the pass phrase. Remember that it will be your secure pass phrase (like a password) and don’t not share it with any person.

1.2 CSR Generation

Command:

openssl req -new -sha256 -key privatekey.pem -out certreq.csr

Once you running this command, please follow the guide and insert the details being requested.

2.5 After that you will be asked to fill the required information into few certificate fields, please do it while fields come up.

2.6 In result you will get two generated files:

a) PrivateKey.key (this is the un-encrypted version of your private key. – please protect this file, as any person who will get it together with your signed public key at any time can easily impersonate you)

b) CertificateRequest.csr (it is your certificate signing request, that is not sensitive at all). Exactly this file you will put to email and send to Apple company.

The next question that we should investigate in details is: What instructions you should follow when generating the CSR?

Please read the next important tips that you will need to know for CSR generation.

For all questions that are related to org name please insert your organizations’s details but not Apple.

You can generate CSR file either in host or in any computer. It doesn’t depend what it is.

You can develop CSR either with DES or AES. DES is less secure.

Note that if a parnters is utilizing multiple servers, only you will need only one certificate which is generated by one CSR.

There are no obligations that the IP that you use while generate CSR, should be identical to the IP Address whitelisted.

Just after you will enter the command for generating CSR, please follow the steps on the prompt. One of the fields that will be asked to enter is “Common Name (e.g. server FQDN or YOUR name) ” . As the FQDN is a very important field please make sure that you enter the following:

For test environment CSR :

Applecare-APP157-[SoldTo ID].Test.apple.com

For production environment CSR :

Applecare-APP157-[SoldTo ID].Prod.apple.com

Here is the example, described in details for right understanding:

if your soldTo is 0000012345, the value should be Applecare-APP157-0000012345.Test.apple.com for test and Applecare-APP157-0000012345.prod.apple.com for production.

The leading zero’s are really important for the process to proceed and note that the soldTo should always be 10 digits.

During generation CSR file process for private aim you will be asked to enter the pass phrase. This pass phrase is the phrase that you have inserted in 1st step.

Remember that certreq.csr file will be created in that folder where you opened all these commands. You need to send a mail with this csr file to Apple company in order to get a client certificate.

Is your business at of risk of buying stolen / lost mobile devices? We offer you perfect device value calculation using web based or API access with most accurate patented algorithm on market. Used by retailers, resellers, insurers and law enforcement agencies worldwide.